first commit

roles/seaweed/tasks/generate_cert.yaml

@@ -0,0 +1,41 @@
+- name: Generate private key for {{ domain }}
+  command: >
+    openssl genrsa -out {{ seaweed_cert_dir }}/{{ domain }}.key 2048
+  args:
+    creates: "{{ seaweed_cert_dir }}/{{ domain }}.key"
+  register: gen_key_result
+
+- name: Generate CSR for {{ domain }}
+  command: >
+    openssl req -new -key {{ seaweed_cert_dir }}/{{ domain }}.key
+    -out {{ seaweed_cert_dir }}/{{ domain }}.csr
+    -subj "/CN={{ domain }}"
+  args:
+    creates: "{{ seaweed_cert_dir }}/{{ domain }}.csr"
+  register: gen_csr_result
+
+- name: Generate certificate signed by CA for {{ domain }}
+  command: >
+    openssl x509 -req
+    -in {{ seaweed_cert_dir }}/{{ domain }}.csr
+    -CA {{ seaweed_ca_cert }}
+    -CAkey {{ seaweed_ca_key }}
+    -CAcreateserial
+    -out {{ seaweed_cert_dir }}/{{ domain }}.crt
+    -days 3650
+    -sha256
+  args:
+    creates: "{{ seaweed_cert_dir }}/{{ domain }}.crt"
+  register: gen_crt_result
+
+- name: Set certificate permissions
+  file:
+    path: "{{ item }}"
+    owner: "{{ seaweed_user }}"
+    group: "{{ seaweed_group }}"
+    mode: '0644'
+    recurse: true
+  loop:
+    - "{{ seaweed_cert_dir }}/{{ domain }}.crt"
+    - "{{ seaweed_cert_dir }}/{{ domain }}.csr"
+    - "{{ seaweed_cert_dir }}/{{ domain }}.key"